Our software, in conjunction with Fiserv can store your customer’s credit card for later use, making the payment and billing process more convenient for your customers.
If you plan to use Fiserv, you must follow the best practices below to maintain PCI compliance and ensure secure tokenized storage of payment information.
Best Practices
Disclose to cardholders how their stored credentials will be used.
- Explain when and why you may charge the card, including recurring payments or recharges for balances and deposits.
Obtain the cardholder’s consent before storing payment credentials.
- Fiserv requires explicit authorization to tokenize and store card data for future use.
Notify cardholders whenever terms of use change or if future transactions will occur on file.
- Transparency helps reduce disputes and chargebacks.
Inform the account issuer that payment credentials are stored on file.
- This can be done through an initial $0 authorization or processing a verified payment transaction.
Identify the initiator and frequency of transactions (one-time or recurring).
- Use appropriate transaction indicators (such as stored credential flags) required by Visa, Mastercard, and other major networks.
Provide proactive notification of future transactions.
- Allow customers the ability to cancel a recurring payment or subscription before the charge occurs.
Important Note:
Fiserv uses secure tokenization for saved payment credentials. This means that actual card data is never stored in IO or EventOffice—only a secure token linked to the merchant’s processor account.
Following these steps helps ensure your business remains PCI compliant and avoids penalties for unauthorized card storage.